CLAIM AMENDMENTS

1. (Currently Amended) A method comprising: 

establishing a global zone, wherein the global zone is a global in an operating system
environment controlled by a single operating system kernel instance that can
support execution of one or more processes;

establishing at least one a non-global zone within the global zone, wherein the non-global
zone is a partition of the global operating system environment, wherein
the non-global zone operates as a separate and distinct operating system
environment, and wherein the non-global zone can support execution of one or
more processes;

selectively limiting at least one of visibility and access by processes associated with
the global zone to objects within the global zone and select objects within at
least one non global zone; and

limiting visibility and access by processes associated with each non global zone to
objects within that non global zone

isolating a first process executing within the non-global zone to the non-global zone so
that the first process does not have visibility or access to processes and objects
that are not associated with the non-global zone;

permitting a second process executing within the global zone to have visibility and
access to processes and objects associated with the global zone; and

permitting the second process executing within the global zone to have access to
processes and objects associated with the non-global zone, if the second
process has a privilege to cross zone boundaries.

2. (Currently Amended) The method of claim 1, wherein visibility and access for
processes associated with the global zone defaults to objects within the global zone,
the method further comprising:

receiving a request from a requesting process associated with the global zone for at
least one of visibility and access to an object in a non global zone;

determining whether the requesting process is authorized for the requested at least one
of visibility and access; and

if the requesting process is authorized, selectively changing at least one of visibility
and access for the requesting process in accordance with the request

permitting the second process executing within the global zone to have visibility of
processes and objects associated with the non-global zone without requiring
the second process to have the privilege to cross zone boundaries.



3. (Currently Amended) The method of claim 1, wherein access for processes associated
with the global zone defaults to objects within the global zone and visibility for
processes associated with the global zone defaults to objects within the global zone

receiving a request from a requesting process associated with the global zone for
access to an object in a non global zone the second process executing within
the global zone to cross zone boundaries; and

if the requesting process is authorized, selectively changing access of the requesting
process in accordance with the request

granting the second process the privilege to cross zone boundaries, if the second
process is authorized to receive such a privilege.



4. (Currently Amended) The method of claim 3- 1, wherein the request comprises a 
request for an additional privilege the non-global zone has a first zone identifier 
associated therewith, wherein processes and objects associated with the non-global 
zone have the first zone identifier associated therewith, and wherein isolating the first 
process to the non-global zone comprises:

allowing the first process executing within the non-global zone to view or access a
target process or object only if the target process or object has the first zone
identifier associated therewith.

5. (Currently Amended) The method of claim 3- 4, wherein a first process obtains access
to objects within the global zone and a second process obtains access to objects within
the global zone and at least one non global zone; and wherein the global zone has a
second zone identifier associated therewith, wherein processes and objects associated
with the global zone have the second zone identifier associated therewith, and wherein
permitting the second process to have visibility and access to processes and objects
associated with the global zone comprises:

the global zone is enabled to provide at least one of a default environment and a
system wide administrative environment

allowing the second process executing within the global zone to view and access an
intended process or object if the intended process or object has the second zone
identifier associated therewith.

6. (Currently Amended) The method of claim 1, the method further comprising:

receiving an identifier indicating a zone selected from at least one of the global zone
and an the non-global zone; and

mounting file system resources comprising processes to be executed in the zone
indicated by the identifier to a portion of a file system associated with the zone
indicated by the identifier;

thereby enabling the processes of the file system resources to obtain at least one of
visibility and access to objects within the zone corresponding to the identifier.



7. (Original) The method of claim 6, wherein the file system resources are mounted to a 
subdirectory of a root directory of a portion of a file system associated with the zone 
indicated by the identifier; 

thereby enabling processes expecting a tree like directory structure to execute within 
the zone indicated by the identifier. 



8. (Original) The method of claim 6, further comprising: 

enabling select processes to be visible to all other processes in the global zone and the 
non-global zone. 



9. (Currently Amended) The method of claim 4- 6, wherein file system resources
comprise processes to be executed in any zone, the method further comprising:

receiving a request by a requesting process to access processes in the file system
resources; and

limiting access to processes in the file system resources based upon the requesting
process' relationship with a zone indicated in the request;

thereby enabling the processes of the file system resources to obtain at least one of
visibility and access to objects within the zone corresponding to the identifier.

10. (Original) The method of claim 1, further comprising:

providing information about the zone with which a process is associated based upon
identity of a requesting process and relationship between the requesting process
and the zone.

11. Canceled

12. Canceled 

13. (Currently Amended) A computer readable storage medium, comprising:

instructions for causing one or more processors to establish a global zone, wherein the
global zone is a global operating system environment that can support
execution of one or more processes;

instructions for causing one or more processors to establish at least one a non-global
zone within the global zone, wherein the non-global zone is a partition of the
global operating system environment, wherein the non-global zone operates as
a separate and distinct operating system environment, and wherein the non-global
zone can support execution of one or more processes;

instructions for causing one or more processors to selectively limit at least one of
visibility and access by processes associated with the global zone to objects
within the global zone and select objects within at least one non global zone;

instructions for causing one or more processors to limit visibility and access by
processes associated with each non global zone to objects within that non
global zone;

wherein the global zone and the at least one non global zone exist concurrently in an
operating system controlled by a single kernel instance

instructions for causing one or more processors to isolate a first process executing
within the non-global zone to the non-global zone so that the first process does
not have visibility or access to processes and objects that are not associated
with the non-global zone;

instructions for causing one or more processors to permit a second process executing
within the global zone to have visibility and access to processes and objects
associated with the global zone; and

instructions for causing one or more processors to permit the second process executing
within the global zone to have access to processes and objects associated with
the non-global zone, if the second process has a privilege to cross zone
boundaries.

14. (Currently Amended) The computer readable storage medium of claim 13, wherein
visibility and access for processes associated with the global zone defaults to objects
within the global zone, and wherein the instructions for causing one or more
processors to process comprise further comprising:

instructions for causing one or more processors to receive a request from a requesting
process associated with the global zone for at least one of visibility and access
to an object in an non global zone;

instructions for causing one or more processors to determine whether the requesting
process is authorized for the requested at least one of visibility and access; and

instructions for causing one or more processors to selectively change at least one of
visibility and access for the requesting process in accordance with the request,
if the requesting process is authorized

instructions for causing one or more processors to permit the second process executing
within the global zone to have visibility of processes and objects associated
with the non-global zone without requiring the second process to have the
privilege to cross zone boundaries

15. (Currently Amended) The computer readable storage medium of claim 13, wherein
access for processes associated with the global zone defaults to objects within the
global zone and visibility for processes associated with the global zone defaults to
objects within the global zone and objects within at least one non global zone, and
wherein the instructions for causing one or more processors to process comprise
further comprising:

instructions for causing one or more processors to receive a request from a requesting
process associated with the global zone for access to an object in an non global
zone the second process executing within the global zone to cross zone
boundaries; and

instructions for causing one or more processors to selectively change access of the
requesting process in accordance with the request, if the requesting process is
authorized

granting the second process the privilege to cross zone boundaries, if the second
process is authorized to receive such a privilege.



16. (Currently Amended) The computer readable storage medium of claim 4# 13, wherein 
the request comprises a request for an additional privilege the non-global zone has a 
first zone identifier associated therewith, wherein processes and objects associated 
with the non-global zone have the first zone identifier associated therewith, and 
wherein the instructions for causing one or more processors to isolate the first process 
to the non-global zone comprises:

instructions for causing one or more processors to allow the first process executing
within the non-global zone to view or access a target process or object only if
the target process or object has the first zone identifier associated therewith.

17. (Currently Amended) The computer readable storage medium of claim 15- 16, wherein
a first process obtains access to objects within that global zone exclusively and a
second process obtains access to objects within the global zone and at least one non
global zone, thereby enabling the global zone has a second zone identifier associated
therewith, wherein processes and objects associated with the global zone have the
second zone identifier associated therewith, and wherein the instructions for causing
one or more processors to permit the second process to have visibility and access to
processes and objects associated with the global zone comprises:

the global zone to provide at least one of a default environment and a system wide
administrative environment

instructions for causing one or more processors to allow the second process executing
within the global zone to view and access an intended process or object if the
intended process or object has the second zone identifier associated therewith.

18. (Currently Amended) The computer readable storage medium of claim 13, wherein
comprising:

instructions for causing one or more processors to receive an identifier indicating a
zone selected from at least one of the global zone and an- the non-global zone;
and

instructions for causing one or more processors to mount file system resources
comprising processes to be executed in the zone indicated by the identifier to a
portion of a file system associated with the zone indicated by the identifier.

19. (Currently Amended) The computer readable storage medium of claim 18, wherein
the file system resources are mounted to a subdirectory of a root directory of a portion
of a file system associated with the zone indicated by the identifier;

thereby enabling processes expecting a tree like directory structure to execute within
the zone indicated by the identifier.



20. (Currently Amended) The computer readable storage medium of claim 18, wherein 
comprising:

instructions for causing one or more processors to enable select processes to be visible 
to all other processes in the global zone and the non-global zone. 



21. (Currently Amended) The computer readable storage medium of claim 4-3 18, wherein
file system resources comprise processes to be executed in any zone, and wherein the
instructions for causing one or more processors to process comprise computer readable
storage medium further comprises:

instructions for causing one or more processors to receive a request by a requesting 
process to access processes in the file system resources; and 

instructions for causing one or more processors to limit access to processes in the file 
system resources based upon a requesting process' relationship with a zone 
indicated in the request. 



22. (Currently Amended) The computer readable storage medium of claim 13, wherein
comprising:

instructions for causing one or more processors to provide information about the zone
with which a process is associated based upon identity of a requesting process
and relationship between the requesting process and the zone.



23. Canceled 



24. Canceled 



25. (Currently Amended) An apparatus, comprising: 
a means for establishing a global zone; 
a means for establishing at least one non global zone; 

a means for selectively limiting at least one of visibility and access by processes
associated with the global zone to objects within the global zone and select
objects within at least one non global zone; and

a means for limiting visibility and access by processes associated with each non global
zone to objects within that zone

means for establishing a global zone, wherein the global zone is a global operating
system environment that can support execution of one or more processes;

means for establishing a non-global zone within the global zone, wherein the non-global
zone is a partition of the global operating system environment, wherein
the non-global zone operates as a separate and distinct operating system
environment, and wherein the non-global zone can support execution of one or
more processes;

means for isolating a first process executing within the non-global zone to the non-global
zone so that the first process does not have visibility or access to
processes and objects that are not associated with the non-global zone;

means for permitting a second process executing within the global zone to have
visibility and access to processes and objects associated with the global zone;
and

means for permitting the second process executing within the global zone to have
access to processes and objects associated with the non-global zone, if the
second process has a privilege to cross zone boundaries.

26. Canceled 

27. (Currently Amended) A system, comprising: 
a processor; and 

a memory connected with the processor, and operative to hold at least one of a
plurality of program processes, including:
instructions for providing an operating system;

instructions for establishing and managing a plurality of zones within the
operating system under control of a single kernel instance, including:

instructions for creating a global zone and at least one non global zone;

instructions for permitting processes attached to the global zone to view and
access objects in the global zone and view objects in non global zones;

instructions for permitting processes attached to the non global zone to view
and access objects only in the non global zone; and

instructions for selectively permitting upon authorized request, a process
attached to the global zone to access objects in a non global zone -

one or more processors; and
a storage comprising:

instructions for causing the one or more processors to establish a global zone,
wherein the global zone is a global operating system environment that
can support execution of one or more processes;

instructions for causing the one or more processors to establish a non-global
zone within the global zone, wherein the non-global zone is a partition
of the global operating system environment, wherein the non-global
zone operates as a separate and distinct operating system environment,
and wherein the non-global zone can support execution of one or more
processes;

instructions for causing the one or more processors to isolate a first process
executing within the non-global zone to the non-global zone so that the
first process does not have visibility or access to processes and objects
that are not associated with the non-global zone;

instructions for causing the one or more processors to permit a second process
executing within the global zone to have visibility and access to
processes and objects associated with the global zone; and

instructions for causing the one or more processors to permit the second
process executing within the global zone to have access to processes
and objects associated with the non-global zone, if the second process
has a privilege to cross zone boundaries.
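
The visibility and access rules recited in claims 1 through 5, modeled as an added C example that is not part of the filing: the type and function names, the value 0 for the global zone identifier, and the sample data are assumptions. It also assumes the cross-zone privilege has no effect when held by a non-global process, a case the claims do not address.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Every identifier below is an assumption for illustration; the claims name none. */
typedef int zone_id_t;
#define GLOBAL_ZONE_ID 0 /* constructed value for the global zone's identifier */
struct zsubject {      /* a process */
    zone_id_t zone;    /* zone the process executes in */
    bool authorized;   /* eligible to be granted the cross-zone privilege (claim 3) */
    bool cross_priv;   /* holds the privilege to cross zone boundaries */
};
struct zobject { zone_id_t zone; const char *name; };

/* Visibility: identifier match (claims 4 and 5), plus global-zone visibility
 * into non-global zones with no privilege required (claim 2). */
bool zone_can_view(const struct zsubject *s, const struct zobject *o)
{
    return s->zone == o->zone || s->zone == GLOBAL_ZONE_ID;
}

/* Access: identifier match, or a global-zone process holding the cross-zone
 * privilege (claim 1). Assumption: the flag is ignored on a non-global
 * process, so a stray privilege bit there cannot break isolation. */
bool zone_can_access(const struct zsubject *s, const struct zobject *o)
{
    return s->zone == o->zone || (s->zone == GLOBAL_ZONE_ID && s->cross_priv);
}

/* Claim 3: grant the privilege only to an authorized global-zone process. */
bool zone_grant_cross_priv(struct zsubject *s)
{
    if (s->zone != GLOBAL_ZONE_ID || !s->authorized)
        return false;
    s->cross_priv = true;
    return true;
}

/* Count the objects a process can see, as a process listing would. */
size_t zone_count_visible(const struct zsubject *s, const struct zobject *t, size_t n)
{
    size_t seen = 0;
    for (size_t i = 0; i < n; i++)
        seen += zone_can_view(s, &t[i]) ? 1 : 0;
    return seen;
}

/* Constructed sample data: the global zone (0) and two non-global zones (1, 2). */
struct zobject SAMPLE_OBJS[] = { {0, "init"}, {1, "httpd"}, {1, "/var/www"}, {2, "sshd"} };
struct zsubject SAMPLE_ADMIN = { GLOBAL_ZONE_ID, true, false };
struct zsubject SAMPLE_WEB = { 1, true, true }; /* flag set, but in a non-global zone */

int main(void)
{
    printf("web sees %zu of 4\n", zone_count_visible(&SAMPLE_WEB, SAMPLE_OBJS, 4));
    printf("admin access before grant: %d\n", zone_can_access(&SAMPLE_ADMIN, &SAMPLE_OBJS[1]));
    zone_grant_cross_priv(&SAMPLE_ADMIN);
    printf("admin access after grant: %d\n", zone_can_access(&SAMPLE_ADMIN, &SAMPLE_OBJS[1]));
    return 0;
}
```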